Monday, 25 November 2019

Category: static code analysis

https://shells.systems/category/static-code-analysis/

Estimated Reading Time: 7 minutes. Summary about FusionPBX: FusionPBX can be used as a highly available single or domain based multi-tenant PBX, carrier grade switch, call center server, fax server, voip server, voicemail server, conference server, voice application server, appliance framework and mor…



from Hack+ https://ift.tt/33kEKcQ
via IFTTT

Tuesday, 19 November 2019

Friday, 8 November 2019

ctf-writeups

https://github.com/netanel01/ctf-writeups

ctf-writeups Google CTF Finals 2019 Pwn Gomium…



Developers: It’s super easy to bypass Android’s hidden API restrictions

https://www.xda-developers.com/android-development-bypass-hidden-api-restrictions/

Flashback to over a year ago, and we’re all excited about seeing what’s to come in the Android P betas. Users are looking forward to new features, and developers are looking forward to some new tools to make their apps better….



Bypassing GitHub’s OAuth flow

https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html

For the past few years, security research has been something I’ve done in my spare time. I know there are people that make a living off of bug bounty programs, but I’ve personally just spent a few hours here and there whenever I feel like it….



A Deep Dive On The Most Critical API Vulnerability

https://medium.com/@inonst/a-deep-dive-on-the-most-critical-api-vulnerability-bola-1342224ec3f2

In this article I dig into the details about Broken Object Level Authorization (BOLA) — the most common and most severe API vulnerability today according to the OWASP API Security Project. Insecure Direct Object Reference (IDOR) and BOLA are the same thing….



Bypassing Access Control in a Program on Hackerone !!

https://medium.com/@pig.wig45/bypassing-access-control-in-a-program-on-hackerone-ef213ab34703

This blog is about a vulnerability that I found in a program on hackerone i.e. Wakatime. It is a platform for developers and has an active bug bounty program on hackerone. So, first I started by creating two accounts on their platform using two different email id’s….



How I was able to delete Google Gallery Data [IDOR]

https://medium.com/@yogeshtantak7788/how-i-was-able-to-delete-google-gallery-data-idor-53d2f303efff

Hi, this is Yogesh Tantak, a Security Researcher from India. Today I am writing about a critical bug that I found in Google’s new Product “Gallery”. This bug could allow a malicious user to delete all collections from Gallery.io or Google gallery app….



Abusing HTTP hop-by-hop request headers

https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers

In this writeup, I will be covering techniques which can be used to influence web systems and applications in unexpected ways, by abusing HTTP/1.1 hop-by-hop headers….



Awesome WAF

https://github.com/0xInfection/Awesome-WAF

Everything awesome about web application firewalls (WAFs). Foreword: This was originally my own collection on WAFs. I am open-sourcing it in the hope that it will be useful for pentesters and researchers out there….



berzerk0/Probable-Wordlists

https://github.com/berzerk0/Probable-Wordlists

Do you know what the world’s most common passwords are? Do you know what they look like? You’ll want to avoid them to be secure! This repository does not contain code, but links to a group of lists. A clone may not be necessary to get the files you need….



foospidy/payloads

https://github.com/foospidy/payloads

Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated….



coreb1t/awesome-pentest-cheat-sheets

https://github.com/coreb1t/awesome-pentest-cheat-sheets

Your contributions and suggestions are heartily welcome. Please check the Contributing Guidelines for more details….



Welcome to OWASP Cheat Sheet Series V2

https://github.com/OWASP/CheatSheetSeries

This repository contains all the cheat sheets of the project and represents the V2 of the OWASP Cheat Sheet Series project. When a reference to a cheat sheet needs to be created then a link pointing to the project (generated) official web site hosted on https://cheatsheetseries.owasp….



Hack+

https://www.patreon.com/hackplus

is creating Awesome knowledge sharing tools for the community. Support me with sharing knowledge among fellow hackers….




Tuesday, 5 November 2019

ivRodriguezCA/RE-iOS-Apps

https://github.com/ivRodriguezCA/RE-iOS-Apps

Welcome to my course Reverse Engineering iOS Applications. If you’re here it means that you share my interest for application security and exploitation on iOS. Or maybe you just clicked the wrong link…


